SMabille
Contributor

Fortigate 5.6: NGFW mode: SSL Interception

Hi,

 

Found a massive limitation in 5.6 NGFW mode: you can only configure the SSL Interception profile globally in Settings.

If you have (closed) devices that don't allow adding a trusted root certificate, you can't force them to use a different (SSL Cert Inspection only) profile.

In policy mode: From: Closed device, To: Any, Serv: HTTPS, Allow, SSL: Cert-Inspection.

 

Enhancement request: Add a "From" exception in the SSL/SSH Profile? (As this would probably be the easiest place to implement). 

hklb
Contributor II

Hi,

 

Totally agree.

 

But I think doing it in the policy is not the best way, because you can have multiple policies from the same source to the same destination, but with a different application control associated.

 

IMHO the best way is in the central NAT policy. These policies are not associated with an application/web category, so you are sure you can't have multiple matches.

 

Lucas
